The Need for Digital Notice
As you may or may not be aware there is an OECD Privacy conference
this month in which the W3C (i believe) has the opportunity to
contribute input. Regardless, I would like to raise the issue of
digital Notice and its role in the development of public privacy to
this list and if possible through this list to the OECD.
For this reason I wanted to highlight further the idea of a subject
access API and the role of Notice to regulators globally.
Fundamentally, digital notice is needed for people to understand
privacy impacts or to engage in controlling their information sharing
and privacy. Perhaps this is something this list might be
interested in discussing? My hope is that this can be done in view of
providing a request, asking the OECD to provide regulator guidance,
which enforces and evolves digital data protection regulation to a
minimum digital standard for legal notice. As you may or may not be
aware at this time the legal infrastructures do not support digital
notice and as a result there is no core legal infrastructure for the
social web. This is a big problem and I believe this is the source of
many issues we face in public privacy today.
The specific OECD topic:
> The Evolving Role of the Individual in Privacy Protection:
>
Critically in both privacy protection and public identity management
the quality of notice (a.k.a. transparency), greatly impacts on the
quality of consent and control people need to have to effectively
manage their own identity and privacy.
In this respect, I am looking for a Public Privacy recommendation to
the OECD asking them to provide regulatory guidance and evolve
existing data protection regulation in a way that supports a digital
standard of notice.
From a rights perspective, without a minimal digital standard of
notice, data subject access to information is disproportionate to the
technical methods which are being used to harvest personal data. This
makes it difficult for an individual (and the W3C) to develop control
and trust in the use of digital identity. (violating rights and
crippling the social internet) In this regard I am looking for ITAC to
ask the OECD to include thes two points in their guideline review:
Evolve the existing data protection to include:
1. digital (proportional) ability for data subject's to access
institutionally held information. (e.g. no mandatory written requests
if possible)
2. ability for a subject to give a digital notice to control the
collection, use, and revocation of information shared digitally with a
service provider.
Talking Points
To champion and advocate this issue I would go so far as to assert
that a high standard quality in notice would go a long way to solving
many internet privacy and trust framework issues in identity
management. In addition, i assert that a higher quality of notice
would have a tremendous impact on the social and creative expression
across the internet, positively impacting the Internet economy and
facilitating global interoperability of personal data control
architecture. (e.g. Open social use of the web, live identity, real
time integration of actual data, standard observability over time,
internet of things, etc.)
The bottom line, the use of information age identity management with
industrial aged notice is a rights concern. A concern that promotes
inequality of access to information as the existing quality of notice
is not sufficient enough for the average data subject to understand
privacy on the network layer.
> 1. What technical innovations offer promise for giving individuals
> easier access to and control over information about them?
Digital notice for subject access and digital subject notice to and
from organisations
>
> 2. What are the incentives and barriers for innovating privacy tools
> and what are challenges to successful deployment?
The incentives are accessibility, education, access and control of
information independent of service providers,
- Notices are inherently legal and are also an explicit component of
consent. With no legal quality of notice enforced the law and
consent lack trust and integrity needed for the social web.
>
> 3. What is the role of technological innovation within a broader
> framework for privacy protection?
Digital notice would provide road signs for an internet of services at
a regulatory level this is a needed mechanism for technological
interoperability. The subsequent transparency enables the development
of tools so people can not only see privacy impacts but also evolve
control over their information.
- With a standard in digital notice issues lack un-usable terms of
service, and lack of internet policy infrastructure can be
comprehensively addressed.
- Notice is an implicit component of informed consent
- Notice's are inherently legal as they are "one sided legally binding
demarcations."
Best Regards,
Mark Lizar
On 6 Oct 2010, at 22:25, Christine Runnegar wrote:
> Hello all.
>
> IGF @ Vilnius
>
>
> First, please let me reiterate my thanks for supporting the Internet
> Society in this endeavour and contributing very considered and
> insightful perspectives on the Future of Privacy. It was a very
> successful workshop with approximately 100 participants in the room
> plus remote participation. We also presented a brief report on the
> workshop during the main session on Security, Openness and Privacy,
> summarising some of the views expressed regarding international
> cooperation on privacy, including those provided by the Internet
> technical community. The contributions from the Internet technical
> community can be found here: www.isoc.org/privacyinsights.
>
>
> ITAC Privacy work
>
>
> As you are no doubt aware, the Kantara Initiative (and W3C) is a
> member of the Internet Technical Advisory Committee (ITAC) to the
> OECD. ITAC's work with the OECD WPISP covers many areas, including
> privacy.
>
>
> The terms of the ITAC Charter are available here: http://www.internetac.org/wp-content/uploads/2009/03/itac-charter1.pdf
> . Important - Please read this document.
>
>
> OECD Privacy Conference
>
>
> Recently, I posted an email to the ITAC email list (oecditac@elists.isoc.org
> ) regarding an ITAC contribution for the upcoming OECD Privacy
> Conference in Israel (25-26 October 2010) entitled: The Evolving
> Role of the Individual in Privacy Protection: 30 Years After The
> OECD Privacy Guidelines, and encouraging ITAC members interested in
> privacy issues to indicate their availability for a conference call
> to prepare some discussion points for the conference.
>
>
> The OECD Secretariat has very kindly invited us to participate in a
> panel on Fostering Innovation in Privacy Protection as a discussant.
> The OECD does not want a formal presentation as they would like to
> have a more interactive discussion. They would like us to provide
> perspectives on the role of technical innovations in the realm of
> privacy governance. While the OECD has invited me to be the voice,
> we really want this to be an ITAC contribution. We have a lot of
> Internet technical privacy experts in ITAC (particularly in the IAB,
> OASIS, Kantara Initiative P3WG and W3C). This is a great opportunity
> for us to provide input into the policy debate on privacy.
>
> In addition to the points for that panel, Trent Adams and I would
> like to prepare a couple of points for each session to have ready
> for use as appropriate.
>
> Specifically, we would like to build on the work that you and other
> members of the Internet technical community have already done for
> the IGF Workshop on the Future of Privacy.
>
> If you are interested in contributing to the ITAC presentation,
> would you please let me know as soon as possible.
>
>
> Please do not hesitate to contact me if you have any questions.
>
>
> Best regards,
>
> Christine
>
> ______________________
>
> Christine Runnegar
> Senior Manager Public Policy
> Internet Society
> Galerie Jean-Malbuisson 15
> CH-1204 Geneva
> Switzerland
>
> Tel: +41 22 807 1455
> www.isoc.org
>
> _______________________________________________
> WG-P3 mailing list
> WG-P3@kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3